Security Basics mailing list archives
NTP over several firewalls
From: "nebula" <nebula () punkass com>
Date: Tue, 9 Sep 2003 21:42:47 +0200
Hi all,

[Not sure if it came through due to unthoughtful x-posting to two lists. According to the moderator it did not get through; however, I did get it via the lists. If you receive this message double, I apologize...]

I have a question that creates a continuous discussion in our organisation and I would like to hear your view on it.

We have a network looking like:

Internet --> firewall --> DMZ -- firewall2 --> backend --> firewall 3 --> internal network.

Each network is divided into several VLANs.

What I offer to do for NTP is as follows:

- Place an NTP server on the internal network, backend and DMZ.
- Let synchronization go as follows: dmz ntp server --> backend ntp server --> internal ntp server.
- Let all hosts in a network sync with their network NTP server. So DMZ hosts to DMZ NTP and so on.
- One exception: Routers on the internet will sync to the DMZ NTP server too.

Now, one of my co-workers wants the hosts to sync their time with the firewalls, so we do not need to deploy these servers (except for one which will have the atom clock connected to it).

Personally I find that connections directed to the firewall should be limited to management of authentication connections.

How do you guys/girls see this?

regards
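Added example, not part of the original post: a small Python model that lists the UDP/123 flows each of the two designs in the question needs, separating flows a firewall only forwards from flows that terminate on the firewall itself. The host and server labels, the polling direction between tiers, and which firewall each network would query in the co-worker's variant are assumptions made for illustration.

```python
from collections import namedtuple

# Path from the post: Internet -> firewall -> DMZ -> firewall2 -> backend
# -> firewall 3 -> internal network. FIREWALLS[i] separates ZONES[i] and ZONES[i+1].
ZONES = ["internet", "dmz", "backend", "internal"]
FIREWALLS = ["firewall", "firewall2", "firewall3"]

Flow = namedtuple("Flow", "client server transits")  # one UDP/123 client -> server flow

def transits(zone_a, zone_b):
    """Firewalls a packet passes through between two zones."""
    i, j = sorted((ZONES.index(zone_a), ZONES.index(zone_b)))
    return tuple(FIREWALLS[i:j])

def tiered_design():
    """One NTP server per network, chained dmz -> backend -> internal."""
    # Hosts stay inside their own network (inter-VLAN routing is not modelled).
    flows = [Flow(f"hosts.{z}", f"ntp.{z}", ()) for z in ZONES[1:]]
    # Assumption: the downstream server polls the upstream one.
    for up, down in (("dmz", "backend"), ("backend", "internal")):
        flows.append(Flow(f"ntp.{down}", f"ntp.{up}", transits(down, up)))
    # The stated exception: routers on the Internet sync to the DMZ server.
    flows.append(Flow("routers.internet", "ntp.dmz", transits("internet", "dmz")))
    return flows

def firewall_design():
    """Hosts sync with a firewall. Assumption: the one on their outer edge."""
    return [Flow(f"hosts.{z}", fw, ()) for z, fw in zip(ZONES[1:], FIREWALLS)]

def pass_rules(flows):
    """Per firewall: the (client, server) pairs it must forward on UDP/123."""
    rules = {fw: [] for fw in FIREWALLS}
    for f in flows:
        for fw in f.transits:
            rules[fw].append((f.client, f.server))
    return rules

def terminating_on_firewall(flows):
    """Flows where the firewall itself is the NTP server (a listening service on it)."""
    return [f for f in flows if f.server in FIREWALLS]

if __name__ == "__main__":
    for name, design in (("tiered", tiered_design()), ("firewall", firewall_design())):
        print(name, "forward:", pass_rules(design))
        print(name, "to firewall itself:", terminating_on_firewall(design))
```

Under these assumptions the tiered design needs one narrow forward rule per firewall and no NTP service on any firewall, while the co-worker's variant needs no forward rules but makes every firewall accept NTP from a whole network.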